180 likes | 195 Views
Fine-grained Access Control for Spatial Services ...e nforcing the Need-to-Know Principle. Rüdiger Gartmann con terra GmbH, Münster, Germany. Public Safety Scenario: Planning an Event. Actors:. User Groups. X. Access to All Information. Planning team Event preparation
E N D
Fine-grained Access Control for Spatial Services...enforcing the Need-to-Know Principle Rüdiger Gartmann con terra GmbH, Münster, Germany
Access to All Information • Planning team • Event preparation • Plan roadblocks, routes, evacuation scenarios, personnel... • Assign areas for police, firefighters, paramedics, ... • Control team • Event monitoring • Measuring of movements, reaction to incidents and emergencies, revision of plans, ... • Management of emergency response teams • Observation of surveillance cameras, location of suspects, ...
Access to Limited Information • Technical preparation • Create roadblocks, trafficcontrolsystems, barriers, ... • Seal gullyholes, check securitymeasures, ... • Emergency responseteams • Situation assessments • Takingorders • Status reports • Findingplacesofaccident • Guidance, evacuation, protection...
Access to Public Information • Tourists • Plan theirtrips • See what‘sgoing on • Find friends • Post information, photos, ... • Geteventnotifications • Threats • Onlyaccesstopublicinformation
Security Levels vs. Need-To-Know • Regardlessofthesecurityclassification, accessisonlypermittedifthereis an actualneed • Planningteamisallowedtoseeevacuationroutes... • Controlteamisallowedtousesurveillancecameras... • Poliecemenareallowedtoreportincidents... • Paramedicsareallowedtorequestambulances... • ...but onlyfortheveryeventtheyareactuallydealingwith!
Authorisation Decision • Information isclassified • Information isassignedtocertaintasks • Users areclassified • Users areassignedtocertainroles (responsibleforcertaintasks) • Access isgranted, onlyif • classificationlevelmatchesand • task/roleassignmentmatches
Access Control to Spatial Content based on security.manager
Creating Policies • Policy structure • System isdeny-biased • Everyonewithout explicit permissionsisdenied
Authorisation of Services Authorize services in securityManager Full set Restricted
Layer Authorisation All layers Define rights Restricted listof layers
Feature Authorization Classification = yellow All features Filtered to features classified as yellow
Authorise Functionalities Assign permissions for operations in securityManager Identify result Identify not authorized
Spatial Restrictions Spatial restrictionsin securityManager Full extent Spatial restriction for Germany
Thank you for your interest......and visit us in the exhibition! Rüdiger Gartmannr.gartmann@conterra.de